CVE-2010-0162

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions 3.0.x through 3.0.17 Mozilla Firefox versions 3.5.x through 3.5.7 SeaMonkey versions prior to 2.0.3

Description The issue allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via an embedded SVG document, due to improper support for the application/octet-stream content type as a protection mechanism against execution of web script in certain circumstances involving SVG and the EMBED element.

Recommendations For Mozilla Firefox versions 3.0.x through 3.0.17, update to version 3.0.18 or later. For Mozilla Firefox versions 3.5.x through 3.5.7, update to version 3.5.8 or later. For SeaMonkey versions prior to 2.0.3, update to version 2.0.3 or later.